Eliminate Document Delays
Sign contracts and more instantly with Personio.
Qualified Electronic Signatures: Clear Answers For Every Organization
Being able to sign documents easily and electronically is key in an ever-digitized business world. That is why qualified electronic signatures, and all of the security assurances that come with them, are so critical. In this article, we detail how they work, why they matter, and how to access them today.
- What Is A Qualified Electronic Signature?
- What Requirements Do QESs Need To Meet?
- What Does A QES Look Like In Practice?
- How Does QES Encryption Work?
- Can QESs Be Used In An Email?
- How Do You ‘Verify’ A QES?
- How Do You Create A QES?
- What Do You Need To Create A Qualified Electronic Signature?
- How Much Does QES Equipment Cost?
- When Would HR Departments And Orgs Need A QES?
What Is A Qualified Electronic Signature?
A qualified electronic signature (QES) is a secure electronic signature that is legally equivalent to a handwritten signature. It has all the characteristics of an advanced electronic signature and is based on a unique certificate that proves its validity beyond a shadow of a doubt.
Using a qualified electronic signature, companies and institutions can prove their identity in electronic data transactions, e.g., legal transactions on the Internet, as well as part of other agreements.
Are Qualified Electronic Signatures Legally Binding?
As perArt. 25 (2) of the eIDAS Regulation, qualified electronic signatures apply to all EU member states. It is also important to note, though, that in the UK qualified electronic signatures are also considered compliant and legally binding.
What Requirements Do QESs Need To Meet?
The eIDAS Regulation, which governs the use of electronic signatures and trust services in the EU, has set out the following requirements for qualified electronic signatures:
It is uniquely assigned to signers.
It enables the signatory to be identified without any doubt.
It is created using a qualified electronic signature creation device.
It is designed in such a way that any subsequent change to the data in the signature can be detected.
It is based on a qualified certificate for electronic signatures.
What Does A QES Look Like In Practice?
Qualified and advanced electronic signatures are identical on their face and from a technical perspective. That said, in the case of a QES, the identity of the signee is additionally guaranteed by the recognized certification service that issues the qualified signature. So, while they may appear the same, a QES comes with an additional level of security.
How Does QES Encryption Work?
In practice, a QES involves the signee being assigned a private signature key that has strong cryptographic encryption.This private key can only be read with a public key that uniquely matches it. The qualified certificate of the trust service provider combines both keys to confirm the identity of the person signing.
Can QESs Be Used In An Email?
Essentially, a QES is equivalent to a handwritten counterpart. So, anything that you could sign physically, you could sign with a QES. With that in mind, it means that things like emails don’t fall under their umbrella — as you wouldn’t be able to physically sign an email in any other context.
The digital signatures, sometimes found in e-mails, are more comparable to a letter seal. They can prove whether an email was really sent by a specific sender or whether its contents were manipulated. Certain systems are able to check the signature of an e-mail and the qualified signed documents in the email attachment for incoming emails.
How Do You ‘Verify’ A QES?
When signing a document, the recipient will receive an electronically signed document including a public key. To check the validity of the qualified electronic signature, the addressees must track who the document originated from and ensure that its content has not been changed. The enclosed public key can be used to read the transmitted electronic signature. If the values of the sender’s private key and the public key match, the signed document has been transmitted unchanged.
How Do You Create A QES?
To create a qualified electronic signature, a signature card is required that is provided with a unique, forgery-proof electronic certificate. The certificate must be issued by a recognized certification service (Trust Service Provider) that covers the security requirements of the eIDAS Regulation.
The certification service generates a secure signature creation device that the trust service provider can control remotely. This prevents tampering with the qualified electronic signature, which could otherwise be carried out on readers and the like.
What Do You Need To Create A Qualified Electronic Signature?
To create a qualified electronic signature, the signature card of a certification provider (see above), a suitable card reader, and signature software are required.
Here is an overview of the steps in the QES process:
Select a suitable certification service.
Organize the necessary hardware and software.
Software for qualified electronic signature
Add a digital signature to your document.
Identify yourself uniquely so that a qualified certificate can be issued.
According to the definition in the eIDAS Regulation, cloud-based signatures can also meet the requirements for a qualified signature. In this case, no signature card is required. The certificates are stored there on a server and the qualified electronic signature can be managed remotely by a qualified certification service on behalf of the signer.
How Much Does QES Equipment Cost?
For a card reader, signature card, and certificate for a qualified electronic signature valid for three years, you normally pay between £100 to £130 (€120 to €160).
When Would HR Departments And Orgs Need A QES?
The majority of use cases in HR can be mapped using a simple or advanced electronic signature.
You essentially need qualified electronic signatures for:
Acknowledgments of receipt
Amendments and supplements to the employment contract with double written form clause
Although the qualified electronic signature is the most secure form of e-signature, it always requires personal identification when first implemented. Subsequently, two-factor authentication is required, for example, by means of a signature card.
The question of which type of signature is relevant for you must therefore be weighed up according to the legal requirements and the specific use case.
Get Exclusive Insights, Invites and More With Our Weekly HR Newsletter
© 2022 Personio GmbH & Co. KG